Ryan Riffle is the network manager for an insurance firm with just under 2,000 employees. The company operates a primary data center, plus another for disaster recovery, to serve two major offices in the south-central US and smaller branches around the country. Three years ago, the company installed a software-defined network based on VMware NSX technology, and now more than 99% of the network operates in a virtual environment.

The flexibility of the software-defined network provides a lot of benefits. Riffle says the company was able to improve its security posture with micro-segmentation for business applications at the virtual layer. (The company does not allow use of its name for the appearance of endorsing any product or vendor.) What’s more, there is no longer a need to have physical third-party appliances that had to be managed differently from the virtual server environment. They were able to remove physical devices, including a hardware firewall, routers and load balancers.

To read this article in full, please click here

It seems the latest buzzword coming from those analysts at Gartner is SASE (pronounced “sassy”), which stands for “Secure Access Service Edge.” Network World has published several articles recently to explain what SASE is (and perhaps isn’t). See Matt Conran’s The evolution to Secure Access Service Edge (SASE) is being driven by necessity as well as Zeus Kerravala’s article How SD-WAN is evolving into Secure Access Service Edge.

To read this article in full, please click here

The saying goes that China is the world’s factory. For many companies around the world, their products or components of their products are produced in mainland China. At the same time, China’s population of more than a billion people makes it one of the world’s largest consumer markets. Thus, for either production or sales, many companies want to do business in China and have established facilities there.

On the networking front, this means that multinational companies need to extend their wide area network into China to support their large or rapidly growing operations—and that’s easier said than done.

Many organizations had done this using VPNs, but in early 2018, the Chinese government placed restrictions on IPsec traffic to basically block it from going in and out of the country. The Ministry of Industry and Information Technology (MIIT) said these restrictions are in accordance with the China Cross-border Data Telecommunications Industry Alliance (CDTIA), which was created to regulate cross-border data communication.

To read this article in full, please click here

Network environments have become so complex that companies such as systems integrators, equipment manufacturers and enterprise organizations feel compelled to test their configurations and equipment in lab environments before deployment. Performance test labs are used extensively for quality, proof of concept, customer support, and technical sales initiatives. Labs are the perfect place to see how well something performs before it’s put into a production environment.

The primary challenge of running a test lab is the amount of time it takes to provision the test environments. A network lab infrastructure might include switches, routers, servers, virtual machines running on various server clusters, security services, cloud resources, software and so on. It takes considerable time to wire the configurations, physically build the desired test beds, login to each individual device and load the proper software configurations. Quite often, lab staffers spend more time on setup than they do on conducting actual tests.

To read this article in full, please click here

Most IT networking professionals are so busy with their day-to-day responsibilities that they don’t have time to consider taking on more work. But for companies with an industrial component, there’s an elephant in the room that is clamoring for attention. I’m talking about the increasingly common convergence of IT and operational technology (OT) networking and security.

Traditionally, IT and OT have had very separate roles in an organization. IT is typically tasked with moving data between computers and humans, whereas OT is tasked with moving data between “things,” such as sensors, actuators, smart machines, and other devices to enhance manufacturing and industrial processes. Not only were the roles for IT and OT completely separate, but their technologies and networks were, too.

To read this article in full, please click here

The TCP/IP protocol is the foundation of the internet and pretty much every single network out there. The protocol was designed 45 years ago and was originally only created for connectivity. There’s nothing in the protocol for security, mobility, or trusted authentication.

The fundamental problem with TCP/IP is that the IP address within the protocol represents both the device location and the device identity on a network. This dual functionality of the address lacks the basic mechanisms for security and mobility of devices on a network.

This is one of the reasons networks are so complicated today. To connect to things on a network or over the internet, you need VPNs, firewalls, routers, cell modems, etc. and you have all the configurations that come with ACLs, VLANs, certificates, and so on. The nightmare grows exponentially when you factor in internet of things (IoT) device connectivity and security. It’s all unsustainable at scale.

To read this article in full, please click here

A few months ago, I wrote about the managed network services (MNS) market as the evolutionary direction of the network carrier. One of the companies that plays in this space is Teridion, with a service called Teridion for Enterprise. It’s a global WAN service with some unique capabilities to support performance and reliability that enterprises can really appreciate.

Teridion for Enterprise is a cloud-centric solution all the way. The network is built in the cloud, and customers use commodity edge devices such as SD-WAN appliances or Cisco ISR boxes to connect. (Click here to read about a Cisco-Teridion alliance.) Customers request services, make changes and set policies through an easy and contemporary user interface; they pay only for the capacity they use; and all maintenance and management is completely handled by Teridion.

To read this article in full, please click here

I recently had the opportunity to talk to Mark Wutzke, chief solution architect with Allied Telesis, to learn about the company’s smart networking offerings. Perhaps you, like me, don’t know much about this networking company, though it’s been in business since 1987. That might be because the global company, until recently, has focused its efforts outside the U.S. However, that focus is beginning to change, so I wanted to learn what the company brings to the table that enterprises would be interested in.

First, a little background on the company. Allied Telesis is headquartered in both Japan and the U.S. The company has global R&D centers and manufactures its own products. Among the products are intelligent switches and stackable chassis, industrial switches, wireless solutions, firewalls and routers, optics, NICs and media converters—basically end-to-end solutions from edge to core for LAN, WLAN and WAN. In addition, Allied Telesis writes its own operating system software for its equipment, as well as the network management software that provides many of the smart networking features the company is touting today.

To read this article in full, please click here

VeloCloud is now a Business Unit within VMware since being acquired in December 2017. The two companies have had sufficient time to integrate their operations and fit their technologies together to build a cohesive offering. In January, Neal Weinberg provided an overview of where VMware is headed with its reinvention. Now let’s look at it from the VeloCloud SD-WAN perspective.

I recently talked to Sanjay Uppal, vice president and general manager of the VeloCloud Business Unit. He shared with me where VeloCloud is heading, adding that it’s all possible because of the complementary products that VMware brings to VeloCloud’s table.

To read this article in full, please click here

Network-as-a-Service (NaaS) is growing in popularity and availability for those organizations that don’t want to host their own LAN or WAN, or that want to complement or replace their traditional network with something far easier to manage.

With NaaS, a service provider creates a multi-tenant wide area network comprised of geographically dispersed points of presence (PoPs) connected via high-speed Tier 1 carrier links that create the network backbone. The PoPs peer with cloud services to facilitate customer access to cloud applications such as SaaS offerings, as well as to infrastructure services from the likes of Amazon, Google and Microsoft. User organizations connect to the network from whatever facilities they have — data centers, branch offices, or even individual client devices — typically via SD-WAN appliances and/or VPNs.

To read this article in full, please click here

Many companies today have a hybrid approach to their networking and IT infrastructure. Some elements remain in an on-premise data center, while other portions have gone to the cloud and even to multi-cloud. As a result, the network perimeter is permeable and elastic. This complicates access requirements at a time when it’s more important than ever to enable accessibility while preventing unauthorized access to applications and data.

To reduce risk, some organizations are applying a zero-trust strategy of “verification before trust” by incorporating stronger, stateful user and device authentication; granular access control; and enhanced segmentation no matter where the applications and resources reside.

To read this article in full, please click here

Fundamentally, the way that carriers (i.e. telcos) deliver managed network services hasn’t changed in decades. The core architecture of this network, known as hub and spoke, consists of branches talking to the data center over a managed network with a separate firewall in the middle. However, this type of legacy WAN can’t support today’s business needs, which include a seminal shift to the cloud, as well as mobile users that need network access from anywhere, not just from the branch.

Yishay Yovel, vice president of market strategy at Cato Networks, has followed the carriers’ dilemma for years. According to Yovel, there are numerous catalysts to this evolutionary change in the managed network services market.

To read this article in full, please click here

Gartner predicts that by 2025, 80 percent of enterprises will migrate entirely away from their on-premises data centers. Instead they’ll follow the current trend of moving workloads to colocation, hosting and the cloud, leading them to shut down their traditional data centers.

I’m sure that colocation centers look forward to the growth in business, but the growth also means the colocation data centers need to become more agile, scalable, and flexible. This is absolutely critical to their business model viability, but the challenge to get there is greater than ever.

Colocation providers have long benefitted from offering cross-connect and IT services, as well as Layer 2 WAN connectivity. However, these traditional offerings really aren't meeting the emerging demands from enterprise tenants who want more integrated, more secure and more automated networking solutions. As workloads move across different environments, such as SaaS and public clouds, there are management and operational challenges for colocation providers who are now being asked to support a more diverse portfolio of connectivity solutions.

To read this article in full, please click here

Data breaches and security threats are a top concern among IT leaders, yet it’s harder than ever to hire skilled security professionals. That has organizations looking for ways to more easily improve their security strategy. One option is to implement a software-defined WAN (SD-WAN).

I recently talked with Hamza Seqqat, director of solutions architecture at Apcela, to get his take on how SD-WAN affects security strategy. Seqqat helps enterprise organizations redefine their wide-area networks to accommodate the growing use of cloud-based applications and services. In our discussion, he outlined four areas where SD-WAN offers new security benefits.

To read this article in full, please click here

When most enterprise companies worry about having their systems hacked by attackers, the main concern is for the enterprise networks. Few companies consider that their phone systems may be vulnerable to hacking resulting in costly toll fraud. Nevertheless, the practice of hacking into corporate PBX systems and injecting fraudulent calls over the network is causing billions of dollars in damage worldwide every year.

Enterprise companies use modern PBX (private branch exchange) systems to run their communications. A PBX switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines. Modern PBX systems work on the Session Initiation Protocol (SIP), which is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.

To read this article in full, please click here

The disciplines of networking, security and regulatory compliance are challenges for all organizations, but especially so for small and medium-sized businesses (SMBs) for a variety of reasons.

A primary challenge is in implementing technology solutions, most of which are point solutions that operate in silos. This leads to “swivel chair” operations where networking and security professionals have to consult multiple separate consoles to keep tabs on how well everything is performing and whether cyber threats are bringing risk to the business. The lack of integration of the siloed solutions can leave gaps in coverage and cause extra work for those in charge of the network.

To read this article in full, please click here

In the realm of enterprise computing, we have already automated the management and orchestration of software-defined compute and storage resources. Need another server or more storage capacity? Those virtual resources can be created in mere minutes — and without intervention from a human to initiate or manage the process.

Need changes to the network, such as a router reconfiguration? Well, that’s going to take a lot of time and effort from a range of humans. Even something as simple as an update to a DNS or IPAM server can take three to five days to complete. A port turn-up can take just as long — not because any physical action takes that much time, but because the workflow of all the human reviews and approvals takes time.

To read this article in full, please click here

It’s a fairly common scenario. An end user calls the help desk about a problem he’s experiencing. He might say, “I can't access the inventory application.” The worker has no idea why he can't get to the application today when it worked fine yesterday. The help desk consultant collects the relevant information for the ticket, which then gets escalated to the network operations center that is the control center for the enterprise.

The technician assigned to the ticket doesn't know if this is a true network problem, an application problem, or even something that is specific to that user's workstation or environment. Narrowing the possible causes of the problem will require some investigation using various toolsets. Traditional network monitoring tools can tell if there’s anything wrong with a server, router, or switch on that user’s network segment. If those major components are fine, the hunt for the root cause gets underway. This can be time consuming in the absence of user-specific metrics.

To read this article in full, please click here

More than 120 million Microsoft Office accounts have moved from on-premises to the cloud since the launch of Microsoft Office 365. Many of those accounts belong to users in large enterprises that weren’t fully prepared for the transition. The fact is as many as 30 to 40 percent of enterprises struggle with some level of application performance as they make the shift to cloud.

Some of the signs of poor performance (and the source of users’ frustration) include Outlook responding slowly when the user tries to open messages, VoIP calls over Skype for Business having rough spots, and documents being slow to open, close and save in Word. Performance problems in the Office applications manifest in many other ways, as well.

To read this article in full, please click here

We all know and appreciate DNS as the domain name system that maps names like Networkworld.com to the IP address that a browser actually connects to in order to get content from a website. DNS is obviously a foundational piece of the internet. However, the technology is a bit stale and needs a refresh to keep up with the times.

Legacy DNS is a simple protocol. It is essentially a phonebook that maps a domain name to an IP address. Most commercial DNS products or services in the market today are based on an open-source software product called BIND put out by the Internet Software Consortium. The name BIND stands for “Berkeley Internet Name Daemon” because the software originated in the early 1980s at the University of California at Berkeley. Not much about the DNS protocol has changed since then.

To read this article in full, please click here

Today’s threat landscape has led organizations to defend their networks with numerous point solutions, most of which are complex and require significant attention to operations and ongoing maintenance. While large enterprises often have sufficient skilled resources to support the security infrastructure, small- to medium-sized businesses sometimes struggle in this area.

For the SMB market in particular, Network Security-as-a-Service is an attractive offering. It allows companies to get the very best security technology at an affordable price point while having someone else maintain the complex infrastructure.

This has given rise to a genre of service provider that builds its own network backbone in the cloud and embeds network security as an integral service. More and more players are starting to offer this kind of service. They generally start with a global network backbone and software-defined wide-area networking (SD-WAN), add a full security stack, and connect to various cloud services from Amazon, Google, Microsoft, etc. Customers connect their data centers, branches, end users, and cloud apps to this network, and away they go. It’s networking, plus network security, all in one place, and all managed as a service.

To read this article in full, please click here

The workplace is changing rapidly as employees embrace mobility, applications are in the cloud, and Internet of Things (IoT) devices are instrumented for continuous connectivity — and this is affecting how organizations must think about secure access. Regardless of the scenario, organizations want solutions that deliver better productivity for whomever (or whatever) is connecting, a consistent user experience, compliance with corporate policies and regulatory requirements, and strong end-to-end security.

This is the playing field for Pulse Secure, a company that has built a broad portfolio of access products and services that are available as a unified platform. Pulse Secure has considered practically every use case and has built a range of solutions to solve the secure connectivity challenges that IT organizations face. The company claims to have more than 20,000 customers and a presence in 80 percent of global enterprises — maybe even yours.

To read this article in full, please click here

Any organization that has even a modest level of IT infrastructure does IT service monitoring (ITSM) to ensure that everything is operating within performance mandates codified in service level agreements (SLAs). If the IT organization is meeting its SLAs, it’s assumed that the experience the employee has interacting with this infrastructure is good. But that isn’t always the case, and the IT group might not even be aware.

For instance, an enterprise application might be working just fine for most users, but for one or a few users in particular, it could be especially slow. Unless those people call the help desk to complain, who would ever know that they are suffering? Sometimes people just accept that some aspect of IT functions poorly, and they carry on the best they can, even if it affects their productivity.

To read this article in full, please click here

Up until the advent of Software as a Service (SaaS), almost every business-critical application ran inside an enterprise’s own data center. The company had complete control over the performance of the application and could use technologies such as MPLS and techniques like WAN optimization to ensure that users across the enterprise always had a good experience with the application.

That’s no longer the case now that SaaS has become the de facto delivery model for core business applications today. In effect, the cloud is the new data center, and the internet is the new LAN. The most business-critical network between the end user and the application is not the corporate LAN but the public internet, which itself is a big collection of networks. When the internet is what sits between the end user and the SaaS application, the company depending on that application may no longer have good performance, reliability, and control.

To read this article in full, please click here

Enterprises that have grown comfortable with Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (IaaS) are increasingly accepting of Network as a Service (NaaS). NaaS is a rapidly growing market. According to Market Research Future, NaaS is expected to become a US $126 billion market by 2022, sustaining an annual growth rate of 28.4 percent.

One of the key benefits of cloud-based networking is increased security for applications and data. Given that the traditional perimeter of on-premise networks has been decimated by mobile and cloud computing, NaaS builds a new perimeter in the cloud. Now it’s possible to unify all traffic – from data centers, branch locations, mobile users, and cloud platforms – in the cloud. This means an enterprise can set all its security policies in one place, and it can push traffic through cloud-based security functions such as next-generation firewall, secure web gateway, advanced threat protection, and so on.

To read this article in full, please click here

As backup and recovery products and solutions evolve, they are beginning to intersect with security and compliance. Online backup and recovery software company Asigra has announced a new version of its software that addresses the risks posed by ransomware and non-compliance with Article 17 of the European Union’s General Data Protection Regulation (GDPR). Both should be a concern for organizations of all sizes, from global enterprises on down to small/medium businesses.

Let’s take a look at the new capabilities that Asigra is bringing to market with the version 14 release of its Cloud Backup software, and why these capabilities are an important evolution in backup and recovery.

To read this article in full, please click here

It’s been a few months since VMware closed its acquisition of VeloCloud, a prominent SD-WAN provider. In that time, the two companies have worked to integrate their products, and recently they announced a unified strategy called the Virtual Cloud Network.

The strategy fully supports the migration of applications and data out of the enterprise data center to the cloud and to branches — and with IoT, pretty much anything can be considered a branch today, as VeloCloud claims to have a customer with ocean-going ships as branches. The result is that many enterprises are in a position where their applications are everywhere, and their data is everywhere. This has profound implications on the network that needs to support all of this.

To read this article in full, please click here

We live in an age of instrumentation, where everything that can be measured is being measured so that it can be analyzed and acted upon, preferably in real time or near real time. This instrumentation and measurement process is happening in both the physical world, as well as the virtual world of IT.

For example, in the physical world, a solar energy company has instrumented all its solar panels to provide remote monitoring and battery management. Usage information is collected from a customers’ panels and sent via mobile networks to a database in the cloud. The data is analyzed, and the resulting information is used to configure and adapt each customer’s system to extend the life of the battery and control the product. If an abnormality or problem is detected, an alert can be sent to a service agent to mitigate the problem before it worsens. Thus, proactive customer service is enabled based on real-time data coming from the solar energy system at a customer’s installation.

To read this article in full, please click here

Traditional networking architectures over the past two decades or so prescribe that the hub of the network be build around a specific location, such as a data center or a company’s headquarters building.

This location houses most of the equipment for compute, storage, communications, and security, and this is where enterprise applications are traditionally hosted. For people in branch and other remote locations, traffic is typically backhauled to this hub before going out to other locations, including to the cloud.

[ Don’t miss customer reviews of top remote access tools. | Get daily insights by signing up for Network World newsletters. ]

To read this article in full, please click here

The Wi-Fi networks of today were architected more than a decade ago. That even predates the iPhone, which ushered in the era of mobility. These old Wi-Fi architectures aren’t ready to handle the vast number of mobile devices that want to connect to wireless networks today.

What’s more, these networks aren’t able to put any focus on what users experience when they are connected.

The old generation of Wi-Fi networks are a hindrance to businesses that want to increase customer engagement over ubiquitous mobile devices. For example, restaurants and retail stores would like to capture customers’ attention by offering real-time discounts or coupons when customers enter or walk by the establishment. Doing so requires the use of several technologies that old wireless networks just can’t support at scale.

To read this article in full, please click here